checking whether an AD account is enabled or disabled in FR 3.0.17

Matthew Newton mcn at freeradius.org
Fri Jul 13 13:19:44 CEST 2018


On Fri, 2018-07-13 at 11:26 +0100, Alex Sharaz via Freeradius-Users
wrote:
> This all works except for the fact I'm not checking for an enabled AD
> account. FR is configured to use winbindd. The TLS cert CN is of the
> form <userid>-<4digit hex number>@york.ac.uk
> 
> Is there any way of me checking for an enabled AD account? e.g.
> ntlm_auth using userid component of the CN and checking a status
> response ? or another way ?

Split the CN up with a regex to get the username, then do an LDAP
lookup against AD to check to see if the account is enabled or not.

-- 
Matthew
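
The two steps from the reply above, as an added Python example (not from the original post and not FreeRADIUS configuration): extract the userid from the CN, then test the ACCOUNTDISABLE bit of userAccountControl. The `directory` dict standing in for the LDAP search, the function names and the sample accounts are assumptions made for illustration.

```python
import re

# Assumed CN layout, taken from the thread: <userid>-<4 hex digits>@york.ac.uk
CN_RE = re.compile(r"([A-Za-z0-9._-]+)-[0-9A-Fa-f]{4}@york\.ac\.uk")

UF_ACCOUNTDISABLE = 0x0002                 # userAccountControl "disabled" bit
BIT_AND_RULE = "1.2.840.113556.1.4.803"    # AD bitwise-AND matching rule OID


def username_from_cn(cn):
    """Return the userid part of the certificate CN, or None if it does not fit."""
    m = CN_RE.fullmatch(cn)   # fullmatch: no trailing newline or suffix slips through
    return m.group(1) if m else None


def escape_filter_value(value):
    """Escape the RFC 4515 special characters before building a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def enabled_user_filter(username):
    """LDAP filter that matches the user only while ACCOUNTDISABLE is not set."""
    return "(&(sAMAccountName=%s)(!(userAccountControl:%s:=%d)))" % (
        escape_filter_value(username), BIT_AND_RULE, UF_ACCOUNTDISABLE)


def is_enabled(user_account_control):
    """Same test applied client-side to a returned userAccountControl value."""
    return (int(user_account_control) & UF_ACCOUNTDISABLE) == 0


def authorize(cn, directory):
    """Accept only a well-formed CN whose account exists and is enabled.

    `directory` stands in for the real LDAP search: a dict of
    sAMAccountName -> userAccountControl (hypothetical, for this demo only).
    """
    user = username_from_cn(cn)
    if user is None or user not in directory:
        return False          # fail closed on a malformed CN or unknown user
    return is_enabled(directory[user])


# Constructed sample data: 512 = normal account, 514 = normal account + disabled
SAMPLE_DIRECTORY = {"abc123": 512, "xyz789": 514}

if __name__ == "__main__":
    for cn in ("abc123-0a1f@york.ac.uk", "xyz789-beef@york.ac.uk"):
        print(cn, username_from_cn(cn), authorize(cn, SAMPLE_DIRECTORY))
    print(enabled_user_filter("abc123"))
```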